arillso.system.access role – Access management with multi-entry-point support

Note

This role is part of the arillso.system collection (version 1.0.5).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install arillso.system.

To use it in a playbook, specify: arillso.system.access.

Entry point `groups` – Group management entry point 

Synopsis 

Entry point for managing groups
Handles group creation and removal

Parameters 

Parameter	Comments
access_groups list / elements=dictionary / required	List of groups to manage

Entry point `main` – Access management with multi-entry-point support 

Synopsis 

Manages system access including users, groups, sudo and SSH
Supports granular control via entry points
Security-focused with validation and backup options

Parameters 

Parameter	Comments
access_backup_configs boolean	Backup configuration files before changes Choices: `false` `true` ← (default)
access_groups list / elements=dictionary	List of groups to manage Default: `[]`
gid integer	Group ID
name string / required	Group name
state string	Group state Choices: `"present"` ← (default) `"absent"`
system boolean	System group Choices: `false` ← (default) `true`
access_groups_enabled boolean	Enable group management entry point Choices: `false` `true` ← (default)
access_ssh_keys list / elements=dictionary	List of SSH keys to manage Default: `[]`
exclusive boolean	Remove all other keys Choices: `false` ← (default) `true`
key string / required	SSH public key
key_options string	SSH key options
state string	Key state Choices: `"present"` ← (default) `"absent"`
user string / required	Username
access_ssh_keys_enabled boolean	Enable SSH key management entry point Choices: `false` `true` ← (default)
access_ssh_password_authentication boolean	Enable password authentication Choices: `false` ← (default) `true`
access_ssh_permit_root_login string	Permit root login Choices: `"True"` `"False"` `"prohibit-password"` ← (default) `"forced-commands-only"`
access_ssh_port integer	SSH port Default: `22`
access_ssh_pubkey_authentication boolean	Enable public key authentication Choices: `false` `true` ← (default)
access_ssh_server_enabled boolean	Enable SSH server configuration entry point Choices: `false` `true` ← (default)
access_ssh_service_enabled boolean	Enable SSH service Choices: `false` `true` ← (default)
access_ssh_service_state string	SSH service state Choices: `"started"` ← (default) `"stopped"` `"restarted"` `"reloaded"`
access_ssh_x11_forwarding boolean	Enable X11 forwarding Choices: `false` ← (default) `true`
access_sudoers list / elements=dictionary	List of sudoers entries Default: `[]`
commands string	Commands allowed Default: `"ALL"`
group string	Group to grant sudo access
hosts string	Hosts where rule applies Default: `"ALL"`
name string / required	Entry name (for filename)
nopasswd boolean	Allow without password Choices: `false` ← (default) `true`
runas string	Users to run commands as Default: `"ALL"`
setenv boolean	Allow setting environment Choices: `false` ← (default) `true`
state string	Sudoers entry state Choices: `"present"` ← (default) `"absent"`
user string	User to grant sudo access
access_sudoers_enabled boolean	Enable sudoers management entry point Choices: `false` `true` ← (default)
access_users list / elements=dictionary	List of users to manage Default: `[]`
comment string	User comment (GECOS)
create_home boolean	Create home directory Choices: `false` `true` ← (default)
group string	Primary group
groups list / elements=string	List of supplementary groups
home string	Home directory
name string / required	Username
password string	Encrypted password hash
remove boolean	Remove home directory when state=absent Choices: `false` ← (default) `true`
shell string	User shell Default: `"/bin/bash"`
ssh_keys list / elements=dictionary	SSH keys for this user
state string	User state Choices: `"present"` ← (default) `"absent"`
system boolean	System user Choices: `false` ← (default) `true`
uid integer	User ID
update_password string	When to update password Choices: `"always"` `"on_create"` ← (default)
access_users_enabled boolean	Enable user management entry point Choices: `false` `true` ← (default)
access_validate_ssh_config boolean	Validate SSH config before applying Choices: `false` `true` ← (default)
access_validate_sudoers boolean	Validate sudoers files before applying Choices: `false` `true` ← (default)

Entry point `ssh` – SSH server configuration entry point 

Synopsis 

Entry point for SSH server configuration
Handles sshd_config and service management

Parameters 

Parameter	Comments
access_ssh_password_authentication boolean	Enable password authentication Choices: `false` ← (default) `true`
access_ssh_permit_root_login string	Permit root login Default: `"prohibit-password"`
access_ssh_port integer	SSH port Default: `22`
access_ssh_service_enabled boolean	Enable SSH service Choices: `false` `true` ← (default)

Entry point `ssh_keys` – SSH key management entry point 

Synopsis 

Entry point for managing SSH authorized keys
Handles SSH key deployment for users

Parameters 

Parameter	Comments
access_ssh_keys list / elements=dictionary / required	List of SSH keys to manage

Entry point `sudoers` – Sudoers management entry point 

Synopsis 

Entry point for managing sudoers configuration
Handles sudo access control

Parameters 

Parameter	Comments
access_sudoers list / elements=dictionary / required	List of sudoers entries
access_validate_sudoers boolean	Validate sudoers files Choices: `false` `true` ← (default)

Entry point `users` – User management entry point 

Synopsis 

Entry point for managing user accounts
Handles user creation, modification and removal

Parameters 

Parameter	Comments
access_users list / elements=dictionary / required	List of users to manage

arillso.system.access role – Access management with multi-entry-point support

Collection links